Untrusted software and security click-through warnings

Thorsten Sick modern_ronin at web.de
Sun Oct 21 16:41:32 UTC 2007


Maybe i found a solution for this problem:

Am Dienstag, den 16.10.2007, 15:48 +0100 schrieb Ian Jackson:
> Alexander Sack writes ("Re: Untrusted software and security click-through warnings"):
> > I completely agree. My point is: if captchas don't help then why would
> > pasting commands from the net help to get the user think about the
> > risk their actions imply?
> The point is pasting random commands from the net is inherently more
> scary than saying `yes' a few times.
> Although we cannot save all of our users, we can save that proportion
> of them who are likely to hesitate when a website says something like
> "please type `wget thingy | sudo bash'".
> If you have a concrete suggestion for an approach which is likely to
> save _in practice_ a greater proportion of our users, please do
> suggest it.

Users need more features than ubuntu is offering (uncommon hardware,
non-ubuntu software).
We would need several approaches:
- Add more features to ubuntu. Stuff many people are looking for should
be implemented first. A good list are pages like:
- If there are only a few people who need some commands to fix a
problem, it would be possible to "sign" this commands by creating a
small script and add this to the official repository. Afterwards the
user has only to call "sudo apt-get solve_problem237" and "sudo
solve237". The pages should only offer these commands as a help.
Additional positive effect: Newbies can not botch.

an own repository for this would be wise, I think

Maybe this _could_ work.
Thorsten Sick <modern_ronin at web.de>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071021/2a4c9022/attachment.pgp>

More information about the Ubuntu-devel-discuss mailing list